Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: Local.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Mirroring CPU	Source CPU.
Monitor port	Destination port.
Encapsulation	Encapsulation parameters of the mirrored packets.
Destination IP address	Destination IP address in the outer header of the GRE-encapsulated mirrored packets.
Source IP address	Source IP address in the outer header of the GRE-encapsulated mirrored packets.
DSCP	DSCP value in the outer header of the GRE-encapsulated mirrored packets.
VLAN	VLAN in the outer header of the GRE-encapsulated mirrored packets.
VRF Instance	VPN instance whose routing table is used to direct forwarding of the mirrored packets.
Destination MAC address	Destination MAC address in the outer header of the GRE-encapsulated mirrored packets.

‌

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id local

undo mirroring-group { group-id | all | local }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group ID. The value range for this argument is 1 to 6.

local: Specifies local mirroring groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-cpu

Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.

Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.

NOTE:

The S9855 Switch Series does not support this command.

‌

Syntax

mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-cpu slot slot-number-list

Default

No source CPU is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number. The specified mirroring group must already exist. The value range for this argument is 1 to 6.

slot slot-number-list: Specifies a space-separated list of up to eight slot number items. An item specifies an IRF member device by its member ID or specifies a range of IRF member devices in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Examples

# Create local mirroring group 1 to monitor the inbound traffic of the CPU on the specified slot.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-cpu slot 1 inbound

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 6.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

A source port cannot be used as a monitor port of any mirroring group.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the port HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mirroring-group 1 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 6.

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

A source port cannot be used as a monitor port of any mirroring group.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port hundredgige 1/0/1 both

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port [ destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] | destination-mac mac-address ]

undo mirroring-group group-id monitor-port

Default

A port does not act as the monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 6.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 2. The default DSCP value is 0.

Table 2 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

vrf-instance vrf-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The mirrored packets will be forwarded based on the routing table of the specified VPN instance.

destination-mac mac-address: Specifies the destination MAC address for mirrored packets. The mac-address argument is in the format of H-H-H. If you do not specify this option, the device uses the destination IP address to obtain the destination MAC address. If the destination MAC address cannot be obtained, the default MAC address 000f-e241-5e5b is used.

Usage guidelines

Only when you configure Layer 3 remote port mirroring through encapsulation parameters, you can configure the following encapsulation parameters for mirrored packets sent to the monitor port:

· Destination IP address, which is the IP address of the remote data monitoring device.

· Source IP address.

· Optional encapsulation parameters, including the DSCP value, VLAN, VPN instance, and destination MAC address.

The mirrored packet is first encapsulated in a GRE packet with a protocol number of 0x88BE. The GRE packet is then encapsulated in a delivery protocol by using the configured encapsulation parameters and routed to the final destination.

Do not enable the spanning tree feature on the monitor port of a mirroring group.

A Layer 2 or Layer 3 aggregate interface cannot be configured as the monitor port for a mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

The member port of an aggregate interface cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure HundredGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mirroring-group 1 monitor-port

# Create local mirroring group 3. Specify HundredGigE 1/0/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] mirroring-group 3 monitor-port destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number [ destination-ip destination-ip-address source-ip source-ip-address [ dscp dscp-value | vlan vlan-id | vrf-instance vrf-name ] * [ destination-mac mac-address ] | destination-mac mac-address ]

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The value range for this argument is 1 to 6.

interface-type interface-number: Specifies an interface by its type and number.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 3. The default DSCP value is 0.

Table 3 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

Usage guidelines

Do not enable the spanning tree feature on the monitor port of a mirroring group.

Only when you configure Layer 3 remote port mirroring through encapsulation parameters, you can configure the following encapsulation parameters for mirrored packets sent to the monitor port:

· Destination IP address, which is the IP address of the remote data monitoring device.

· Source IP address.

· Optional encapsulation parameters, including the DSCP value, VLAN, VPN instance, and destination MAC address.

A Layer 2 and Layer 3 aggregate interface cannot be configured as the monitor port for a mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

The member port of an existing mirroring group cannot be configured as a monitor port.

The member port of an aggregate interface cannot be configured as a monitor port.

Examples

# Create local mirroring group 1 and configure HundredGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port hundredgige 1/0/1

# Create local mirroring group 3 and configure ports HundredGigE 1/0/1 through HundredGigE 1/0/3 and HundredGigE 1/0/5 as its monitor ports.

<Sysname> system-view

[Sysname] mirroring-group 3 local

[Sysname] mirroring-group 3 monitor-port hundredgige 1/0/1 to hundredgige 1/0/3 hundredgige 1/0/5

# Create local mirroring group 4. Specify HundredGigE 1/0/1 as its monitor port and configure the encapsulation parameters including the source and destination IP addresses, DSCP value, VLAN, and VPN instance for the mirrored packets.

<Sysname> system-view

[Sysname] mirroring-group 4 local

[Sysname] mirroring-group 4 monitor-port hundredgige 1/0/1 destination-ip 1.1.1.1 source-ip 3.3.3.3 dscp 1 vlan 1 vrf-instance 122

Related commands

mirroring-group

Flow mirroring commands

mirror-to ifa-processor

Use mirror-to ifa-processor to configure a mirroring action that mirrors traffic to the in-band network telemetry (INT) processor.

Use undo mirror-to ifa-processor to delete the mirroring action that mirrors traffic to the INT processor.

‌

NOTE:

This command is supported only on the S9855 Switch Series.

‌

Syntax

mirror-to ifa-processor [ sampler sampler-name ]

undo mirror-to ifa-processor

Default

No mirroring action exists to mirror traffic to the INT processor.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

sampler sampler-name: Specifies a sampler by its name. The sampler-name argument is a case-insensitive string of 1 to 31 characters. If you do not specify this option, packets are not sampled, and all matching packets are mirrored.

Usage guidelines

A sampler selects a packet from sequential packets. Flow mirroring uses the sampler to limit the volume of traffic to be mirrored. Flow mirroring supports using a sampler that has not been created. If you specify a sampler for a mirroring action multiple times, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

Example

# Create traffic behavior 1 and configure the action of mirroring traffic to the INT processor. Specify sampler samp for the mirroring action.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to ifa-processor sampler samp

Related commands

sampler

mirror-to interface

Use mirror-to interface to configure a mirroring action that mirrors traffic to an interface.

Use undo mirror-to interface to delete a mirroring action that mirrors traffic to an interface.

Syntax

Syntax I

mirror-to interface interface-type interface-number [ sampler sampler-name ] [ truncation ] [ { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ erspanv3 ] [ dscp dscp-value | vlan vlan-id ] * ] [ destination-mac mac-address ] ]

undo mirror-to interface interface-type interface-number

Syntax II

mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address } [ erspanv3 ] [ sampler sampler-name ] [ truncation ] [ dscp dscp-value | vlan vlan-id ] * [ destination-mac mac-address ]

undo mirror-to interface { destination-ip destination-ip-address source-ip source-ip-address | destination-ipv6 destination-ipv6-address source-ipv6 source-ipv6-address }

Default

No mirroring actions exist to mirror traffic to interfaces.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

sampler sampler-name: Specifies a sampler by its name. The sampler-name argument is a case-insensitive string of 1 to 31 characters.

truncation: Truncates the mirrored packets to retain only the first 192 bytes of each packet.

destination-ip destination-ip-address: Specifies the destination IP address for the mirrored packets.

source-ip source-ip-address: Specifies the source IP address for the mirrored packets.

destination-ipv6 destination-ipv6-address: Specifies the destination IPv6 address for the mirrored packets.

source-ipv6 source-ipv6-address: Specifies the source IPv6 address for the mirrored packets.

erspanv3: Uses the ERSPANv3 format to encapsulate packets mirrored to an interface.

IMPORTANT:

The S9825 Switch Series does not support the erspanv3 keyword.

‌

dscp dscp-value: Specifies the DSCP value for the mirrored packets. The dscp-value argument can be a number in the range of 0 to 63 or a keyword in Table 4.

Table 4 DSCP keywords and values

Keyword	DSCP value in binary	DSCP value in decimal
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
default	000000	0
ef	101110	46

‌

vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094 for the mirrored packets.

destination-mac mac-address: Specifies the destination MAC address for mirrored packets sent to the interface. The mac-address argument is in the format of H-H-H. If you do not specify this option, the device uses the destination IP address to dynamically get the destination MAC address for the mirrored packets.

Usage guidelines

You can execute this command multiple times for a traffic behavior to mirror traffic to different interfaces.

You can mirror traffic to a maximum of four interfaces. If more than four interfaces are configured, all the interfaces configured by using the mirror-to interface command do not take effect.

A sampler selects a packet from sequential packets. Flow mirroring uses a sampler to limit the volume of traffic to be mirrored. It supports using a sampler that has not been created. If you specify a sampler for a mirroring action multiple times, each configuration does not take effect.For more information about samplers, see Network Management and Monitoring Configuration Guide.

The encapsulation parameters for the mirrored packets are available only when the mirrored packets are sent out of Ethernet interfaces.

If you use syntax I, traffic is mirrored to the specified interface.

If you use syntax II, traffic is processed as follows:

1. The device encapsulates the traffic with the specified parameters.

2. The device looks up the source IP address and destination IP address of the traffic in the routing table and forwards the traffic based on the matching route. The outgoing interface of the route is the destination interface of the mirrored traffic.

Through configuring load sharing in the routing protocols, you can specify multiple destination interfaces for the mirrored traffic. When the current mirroring destination interface fails, the mirrored traffic is forwarded to the outgoing interface re-calculated by the routing protocols.

When the outgoing interface corresponding to the destination IP encapsulated for mirrored packets is a Layer 3 Ethernet subinterface, the VLAN to which the Layer 3 Ethernet subinterface belongs must be the same as the VLAN of mirrored packets.

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to HundredGigE 1/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface hundredgige 1/0/1

# Create behavior 1, and configure the action of mirroring traffic to an interface as follows:

· Configure the action to truncate mirrored packets.

· Encapsulate the mirrored traffic with destination IP address 1.1.1.1 and source IP address 2.2.2.2.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface truncation destination-ip 1.1.1.1 source-ip 2.2.2.2

mirroring erspanv3 switch-id

Use mirroring erspanv3 switch-id to configure the switch ID in ERSPANv3 mirrored packets.

Use undo mirroring erspanv3 switch-id to restore the default.

Syntax

mirroring erspanv3 switch-id switch-id

undo mirroring erspanv3

Default

The switch ID in ERSPANv3 mirrored packets is 4.

Views

System view

Predefined user roles

network-admin

Parameters

switch-id: Specifies the switch ID in ERSPANv3 mirrored packets, in the range of 0 to 1023.

Usage guidelines

In the Layer 3 remote flow mirroring scenario, when packets from multiple source devices are mirrored to the same data monitoring device, the data monitoring device cannot identify the mappings between switch IDs in mirrored packets and source devices by default. As a result, the data mirroring device cannot correctly identify the source device of each mirrored packet. In this case, the administrator can configure this feature on the device to map the switch ID encapsulated in the mirrored packets to the device. Then, the data monitoring device can identify the source device of these mirrored packets.

Examples

# Configure the switch ID in ERSPANv3 mirrored packets as 1.

<Sysname> system-view

[Sysname] mirroring erspanv3 switch-id 1

14-Network Management and Monitoring Command Reference

Port mirroring commands

display mirroring-group

mirroring-group

mirroring-group mirroring-cpu

mirroring-group mirroring-port (interface view)

mirroring-group mirroring-port (system view)

mirroring-group monitor-port (interface view)

mirroring-group monitor-port (system view)

Flow mirroring commands

mirror-to ifa-processor

mirror-to interface

mirroring erspanv3 switch-id

Cloud & AI

Intelligent Connection

Intelligent Computing

Security

SMB Products

Intelligent Terminal Products

Industry Solutions

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Training & Certification

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Partner Business Management

Service Business

Company Information

News & Events

Online Exhibition Center

Contact Us